Exterminate It! Antimalware

malpedia

Known threats:699,742 Last Update:October 27, 11:19

Testimonials

Dear Mat,

Thanks you have saved my life, superb programme well worth the money. There seems an awful lot of viruses or trogens knocking around at the moment, I will recommend your product.

Andy

File: .csrss

Location of .csrss and Associated Malware

Check whether .csrss is present in the following locations:

Windows 2000, Windows XP, Windows Server 2003 specific .csrss file locations:

  • C:\Documents And Settings\USER_NAME\Application Data\.csrss

Windows Vista, Windows Server 2008, Windows 7, Windows 8 specific .csrss file locations:

  • C:\Users\USER_NAME\AppData\Roaming\.csrss

If you find .csrss file in any of these locations, your computer is very likely to be infected with the following malware:

IMPORTANT: Malware files can be camouflaged with the same file names as legitimate files. The .csrss file is associated with malware only if found in the locations listed above.

Notes:

Different Variations of .csrss File^

File SizeFile Md5Last Seen
36D65A0C45893F4D782825EB2CCACABEE4Jun 5, 2011
36D3F642E0F6CC007C09F1423559569899Jun 6, 2011
3693B9A6E735552D82F23648D27750C5ECJun 6, 2011
36C17C813BE609EF0683A31439A45606A4Jun 6, 2011
368A10B335E4DA2A71EAA09CAF35D90299Jun 6, 2011
3681D0F6347C823F14F9CB3706D3457C6FJun 6, 2011
369242B30CC40B68B1643BE786375F2649Jun 6, 2011
369F7F0C7B1DD02118BEB38CAF9731CD98Jun 6, 2011
36CA7309BABFC679A65CD1F42E31601522Jun 6, 2011
36B567DEEB9A34FFC2A2F5C08D251D7670Jun 6, 2011
367F3D1DFF42ED1A3777C3FF7114DEBF30Jun 6, 2011
366375BF25DA72443E458BBCBDD09D2741Jun 6, 2011
3690AACD7B9401818C71E28063F8DC77F1Jun 6, 2011
36518DD807524C053FB55F24352E94C955Jun 6, 2011
3639C1A977BCA1A189E31E534915C53E06Jun 7, 2011
361027647957A47E9E2F591A33C7D5D248Jun 7, 2011
36DF653DC0D65CA549CB96B3A98DC6D23FJun 7, 2011
363179FAFEBEDAF79A43B27D2A519E1F32Jun 7, 2011
36755DC42605DEBFD3F10ABFA93B7ADE53Jun 7, 2011
36FE6946A2C61070060C9DF3249DB73F86Jun 7, 2011
36BD4D76B1C11C23BF5F607329425CF8D6Jun 8, 2011
3662A827B56DEE16953E4060BE83128944Jun 8, 2011
361E388300B949638ECA257E255513FC92Jun 8, 2011
36CABEBD79D2740471E295BA6F6302B2A8Jun 8, 2011
36D99758527F771BEF099C200D5B06B351Jun 8, 2011
36A0AB3DEAAC466071C03D22F2364D82DDJun 8, 2011
364D5320F889842B8F0BFC31FA5C2AA2EFJun 8, 2011
36F3C7728B964788897BB71FACCF8639DCJun 8, 2011
363F787BBDA7D059A04F3B34A363E896AAJun 9, 2011
361E8D52BF6B51EDC5E97B70332469D229Jun 9, 2011
36EF3B59F37A130BEB60CFD29DDEA5F9D3Jun 9, 2011
369D1B9BE55B98281ABB53DB70021587A9Jun 9, 2011
36A8F78C5C40A7FADAD58897C345C16391Jun 9, 2011
3610BCC2E72C39A7F999306BDDCA9A4EF8Jun 9, 2011
368D156EABFD33AA067BD27C7B47C58D2DJun 9, 2011
363BE810276310A1934E89D29DDFF98A56Jun 9, 2011
3699B49ABA10EF1FC5D9F033BB9D1C6575Jun 9, 2011
36042B6738446AB0F02703927ED6B1708DJun 9, 2011
3695A1427C1BF234962A506742B3F72329Jun 9, 2011
367BDCDA8A816A090947BAA8665385FA40Jun 9, 2011
36EA8E1B24592ACE9957D241F6FDB6E522Jun 9, 2011
36E4A12371F343586815BC004BB5253BAEJun 9, 2011
369C3066B740F76ABB66C2B68D0D2DA2CEJun 10, 2011
360710C1CDFB7AB01B519DBB8761A80C2CJun 10, 2011
3643E102923C30DE24FF16283C68DA4CD9Jun 10, 2011
362FACDB286EF8BB887DFF92B1B86D0DB1Jun 10, 2011
364DB596ACB1E76A86CEA21C034C52386BJun 10, 2011
36E07ADB3DF370BF87AB17373FF847E5E5Jun 11, 2011
362E7A7D4578BB19FDC073B6213A6E19ADJun 11, 2011
365DEB8D2E073D48F8B46154C9D35C958BJun 11, 2011
36A40D2C2E30ED001365D9669E41130796Jun 12, 2011
3692B23BF34F0F09E3A6B764729D2081F5Jun 12, 2011
36485CDB5890E74AA84A843A1B6C0C9463Jun 13, 2011
360F3823984C56090833AD3986562BF9F0Jun 14, 2011
36965FB0B1D4319714C86E1BB8F8FE7ABDJun 14, 2011
360CF635432B0E92D30FA9517C1AB0EF9AJun 14, 2011
367AC49E68EB5EE0E1E36E483CC2CE240CJun 14, 2011
36939D6CECBEE48B00198A1A4E00C47F15Jun 14, 2011
367796716F2F5FDEF793995183391151A4Jun 14, 2011
3650AAA126A3613085FBBE6BAB0ACCDA79Jun 14, 2011
36CD1D3019EAD4BDC5788F2D2245CEAB05Jun 14, 2011
3686453571B24574B53EDC7C2EF2A0D398Jun 14, 2011
36DBF43A27F6726D8F9CBB8A15E7095050Jun 14, 2011
364F9D3A4689A4C0907FA389B13F82FFE9Jun 14, 2011
369EF5A11F721E3A345866C8CBD9AC9C7EJun 14, 2011
36BE2A5B7E085B70F77F7A82A5842A93D5Jun 15, 2011
364FE54E4F4913195EE20A897D94074A69Jun 15, 2011
36F5F616B3582F01A510A66A6BE85BFD71Jun 15, 2011
367DAAD80706626011943225475D2F4DFAJun 15, 2011
36ABD6EC899E7E517E2FA34BAD7E9E6652Jun 16, 2011
36BD5548B71D317AEE45623ECCE57844E9Jun 16, 2011
3615C675392A78A6B04D7FB9FD6BEF0E04Jun 16, 2011
36BF7988A335659C5ACF8EEA5342982CB0Jun 16, 2011
366D38506ECCBAC1919D9D467567E602C6Jun 16, 2011
3628473E0102970F1C7E739D2A712B03BFJun 16, 2011
360966A60DB8F1ECF8DDCCDDFC409864C0Jun 16, 2011
36DFC0C9B48CDAF62D265A5FEABAAE298BJun 17, 2011
36F13678D592E2EEC4C836E289D4D876CFJun 17, 2011
36DB7C5C8412B8F3D00C2A75297C2E83C3Jun 17, 2011
36AA0C90578D198EBF3635D99455B67E95Jun 17, 2011
36D905F43FACE37833CD0C2A49ECFAEB69Jun 17, 2011
365F333E95941362BBDB412108D49841BBJun 17, 2011
361C5193271D0246B5562C29263D51AE4DJun 19, 2011
36E3EAE60CB6884BD0EDC2C91FA725A78AJun 20, 2011
360BAC17A9829C7BE77A1E2AF452540C47Jun 24, 2011
361E3CE21401B496476AA4576067DB7333Jun 24, 2011
36C86A9AAE76ADD05D54E7D4163D6E911FJun 24, 2011
36928F942B524502BA0728DA3F567DAC10Jun 24, 2011
36859FE3B5C89459A0ABD6B9C93B5B8B34Jun 29, 2011
363F25341ABFB5FB16B1DC777A8D149CE9Jun 29, 2011
3607365B4DA5F192DADAE6C1B6FC96706AJul 2, 2011
36E18802FC569C2C18B8B95D9393692BC7Jul 3, 2011
36D40425D77F4DF65406255FE33C7B4F75Jul 5, 2011
36A6807D81BEBBAD82E95565D49C616D17Jul 7, 2011
36A2F5AE3771D8473BB38C8EE6135C4C9FJul 7, 2011
3648BA5708BDF21D4D1004624CCC6A0FD3Jul 21, 2011
36990A88EBD6A632BB3037D0F95A3F4135Aug 7, 2011
3636D43BFB799CE6B11E6C5692C9B516AFSep 26, 2011
36CEC235924C7F6556B65A7C2481D825E9Nov 17, 2011
360A13D04AAA5C5813FBECEF233818A9AADec 5, 2011
3669682B29187839895862464D3962F61FDec 25, 2011

Why Is It Important to Remove Malware Files?^

It is imperative that you delete malware-associated files as soon as possible because they can be used - or are already being used - to inflict serious damage on your PC, including:

  • Disrupting the normal functioning of the operating system or rendering it completely useless.
  • Hijacking valuable private information (credit card numbers, passwords, PIN codes, etc.)
  • Directing all your Web searches to the same unwanted or malicious sites.
  • Dramatically slowing down your computer.
  • Gaining total control of your PC to spread viruses and trojans and send out spam.

How to Remove .csrss^

  1. To enable deleting the .csrss file, terminate the associated process in the Task Manager as follows:
    • Right-click in the Windows taskbar (a bar that appears along the bottom of the Windows screen) and select Task Manager on the menu.
    • In the Tasks Manager window, click the Processes tab.
    • On the Processes tab, select .csrss and click End Process.
  2. Using your file explorer, browse to the file using the paths listed in Location of .csrss and Associated Malware.
  3. Select the file and press SHIFT+Delete on the keyboard.
  4. Click Yes in the confirm deletion dialog box.
  5. Repeat steps 2-4 for each location listed in Location of .csrss and Associated Malware.
  6. Notes:

    • The deletion of .csrss will fail if it is locked; that is, it is in use by some application (Windows will display a corresponding message). For instructions on deleting locked files, see Deleting Locked Files.
    • The deletion of .csrss will fail if your Windows uses the NT File System (NTFS) and you have no write rights for the file. Request your system administrator to grant you write rights for the file.

Deleting Locked Files^

You can delete locked files with the RemoveOnReboot utility. You can install the RemoveOnReboot utility from here.

After you delete a locked file, you need to delete all the references to the file in Windows registry.

To delete a locked file:

  1. Right-click on the file and select Send To -> Remove on Next Reboot on the menu.
  2. Restart your computer.

The file will be deleted on restart.

Note: In the case of complex viruses that can replicate themselves, malware files can reappear in the same locations even after you have deleted those files and restarted your computer. Exterminate It! Antimalware can effectively eradicate such viruses from your computer.

To remove all registry references to a .csrss malware file:

  1. On the Windows Start menu, click Run.
  2. In the Open box, type regedit and click OK. The Registry Editor window opens.
  3. On the Edit menu, select Find.
  4. In the Find dialog box, type .csrss. The name of the first found registry value referencing .csrss is highlighted in the right pane of the Registry Editor window.
  5. Right-click the registry value name and select Delete on the menu.
  6. Click Yes in the Confirm Value Delete dialog box.
  7. To delete all other references to .csrss, repeat steps 4-6.
IMPORTANT: Malware files can masquerade as legitimate files by using the same file names. To avoid deleting a harmless file, ensure that the Value column for the registry value displays exactly one of the paths listed in Location of .csrss and Associated Malware.